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DETAILED ACTION 
Remarks 

1 . This office action is in response to tine amendment filed on 10/29/2009. 

2. Claims 20 and 22-31 have been amended. 

3. Claims 1, 3-6, 8-16, 18-20 and 22-35 remain pending and have been examined. 

Response to Arguments 

4. Applicant's arguments filed on 1 0/29/2009, in particular on pages 9-1 1 , have 
been fully considered but they are not persuasive. For example: 

■ At page 10, first paragraph. Applicants submit that the Cymerman's Ant is not 
a build process which is construed to encompass compiling, linking, and the 
like. However, Examiner respectfully disagrees. Cymerman's page 1, section 
"Why do I need a defined build process", discloses a definition about defined 
build process and at next section "What is Ant?" clearly discloses that "Ant is a 
platform-independent scripting tool that lets you construct your build scripts in 
much the same fashion as the 'make' tool in C or C++". It can be seen that Ant 
tools is the same as "make" tool when executed will perform or realize the 
steps of the build process and generated final software build. In the same 
section, Cymerman also discloses a table that contains example commands 
which are used by Ant to compile and control source code, e.g. "CVS", "Javac" 
(p.2, table, "Javac", "Compiles a source tree within the running (Ant) VM"). 
Moreover, at page 3, section "OK, show me how this works", Cymerman 
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further gives out an example how to use Ant to running build process including 
steps of create directories for source code and target code, invoking Javac 
compiler to compile source code (see for example, p.3 "Simple build process 
with Ant (simple.xml)"). Therefore, Ant tools to execute and realize the build 
process including compilation. 

■ At page 10, second paragraph. Applicants submit that Jerger does not 
describe accessing a policy to apply a permission level to the build process. 
However, Examiner's position is that Cymerman discloses compilation policy 
which selectively includes or excludes certain entities matching the pattern in 
the name attribute or a certain property is set to true or false in the build 
process (see for example, p.5-6, "include", "exclude" and "unless" and related 
text). Jerger discloses a configuration model which contains configurable 
permission (see for example, fig. 8, fig.13A-C and related text). Both 
Cymerman and Jerger use the configurable properties (e.g. true, or 
permissions) to control access files. Therefore, it would have been obvious to 
one having ordinary skill in the art to use Jerger's permissions policy in 
Cymerman's access control mechanism to select include or exclude certain 
files to be involved in the compile or build process when running Ant tool. 

■ At pagel 1 , second paragraph, applicants submit that neither reference 
discloses or suggests the limitation about "at build time, principal permission 
level under which the build process executes is determined by analyzing the 
levels of trust associated with each of the build entities, an lowest level of trust 
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of all involved build entities dictates the principle permission level for execution 
of the build process". However, Examiner's position is that the three levels of 
trust including "trusted", "semi-trusted" and "untrusted" wherein if the lowest 
level is "trusted", it is the same as Ant build process without any include or 
exclude restrictions; if the lowest level is "semi-trusted", it is equivalent to the 
build process with include or exclude restrictions and if the lowest level is 
"untrusted", file will be excluded and will cause build fail. Therefore, Cymerman 
and Jerge together disclose such build process which includes those dictated 
permission level by using Ant tool and Jerger's policy components as recited in 
claim 1. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 3-6, 8-16, 18-20 and 22-35 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Cynerman (Michael Cynerman, Automate your build 
process using Java and Ant) in view of Jerger (US 6,321 ,334). 

Claim 1: 

Cvnerman discloses a system that facilitates management of a build process. 



comprising: 
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■ a build process that processes one or more build entities (see for example, 
p.1, section Introducing the powerful XML-based scripting tool, Ant. "A 
defined build process" and related description); and 

■ a policy component that is processed by the build process within which the 
build process operates (see for example, p. 3, example of simple.xml file 
includes build policy/rules for build process) 

Cvnerman also discloses using "include/exclude" and "unless" entities to match 
the pattern in the name attribute from the compilation (see for example, p.6, first 
and second paragraphs). But Cvnerman does not explicitly disclose determining 
one or more levels of trust within which the build process operates. 
However, Jerger in the same analogous art of computer-based system discloses 
a method of configuration of a system security policy that is stored on a host 
computer, (see for example, Figure 8, items 812 Unsigned Permissions, 814 
Trusted Signed Permissions, 816 Untrusted Signed Permissions and related 
text), wherein the one or more build entities are each associated with one or 
more levels of trust, such that at build time, a principal permission level under 
which the build process executes is determined by analyzing the levels of trust 
associated with each of the build entities, and lowest level of trust of all involved 
build entities dictates the principal permission level for execution of the build 
process (see for example, Fig.13A-C, step 1312, "Is class digitally signed?", step 
1324 "Fail", step 1334, "Compare Requested permission set to granted 
permission set", step 1338, 1318 "Grant requested Permissions", "Store any 
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Granted Permissions with the Class"). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to define 
those different levels of trust for the build entities and use Cvnerman 's "unless" 
entities to match the pattern in the name attribute about the levels of trust from 
the compilation. One would have been motivated to do so to secure the build 
process by automatically administering the decision to grant or deny permissions 
to specific build entities as suggested by Jerqer (see for example, col.2, lines 27- 
51). 

Jerger further discloses the levels of trust include levels that are representative of 
trusted, which has no restrictions to the build process (see for example, Fig.13A- 
C, steps 1312->1320->1336-1318 and related text), semi-trusted, which has 
restrictions to the build process (see for example, Fig.13A-C, steps 1312->1314- 
>1316 and related text; also see Fig.12C, item 1230i and 1232i and related text), 
and untrusted, which causes the build process to fail, (see for example, Figure 
13A-C, steps 1322->1324, "Fail" and related text). 

Cvnerman also discloses a BuildListener interface which can listen, catch and 
notify when certain steps in the build process (see for example, p. 7, section 
Reporting enhancement, "If you wanted to extend Ant's functionality to provide 
notification when certain steps in the build process are completed or are in 
progress..."; "BuildListener" and related text). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made 
to notify developer any events including the event wherein if the lowest level of 
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trust is untrusted and the build process fails as suggested by Cvnerman 
Claim 3: 

Cvnerman and Jerqer disclose the system of claim 1 , Cvnerman further discloses 

the policy component includes one or more policy files that are processed by the 
build process (see for example, p.3, example of simple.xml file includes build 
policy/rules for build process). 

Claim 4: 

Cvnerman and Jerqer disclose the system of claim 1 , Cvnerman further discloses 
the policy component includes one or more policy files that are processed by the 
build process before the one or more build entities are built (see for example, p.3, 
example of simple.xml file includes build policy/rules for build process). 

Claim 5: 

Cvnerman and Jeraer disclose the system of claim 1 , Cvnerman further discloses 
the one or more entities include at least one of a project, a task, a logger, and 
operating system (OS) account information (see for example, p.3, example of 
simple.xml file includes project; also see example command line, p. 7, Xml Logger 
for writing a reporting tool). 



Claim 6: 
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Cvnerman and Jerger disclose the system of claim 1 , Jerger further discloses at 
least one of the one or more build entities are each associated with the one or 
more of the levels of trust, which associations are defined in the policy 
component via at least one of a user-definable policy file and a default policy file, 
at least one or both of which are processed to determine the level of trust for the 
build process (see for example. Figure 4A, set the security level for this zone, 
items 408-412 and related text; also see col. 18, lines 51-63, "each security zone 
has a default security level, which is used if not changed by a user"). 

Claim 8: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman also discloses a 
computer that employs the system of claim 1 (see for example, p.3, lines 3-4, NT 
machine). 

Claim 9: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman also discloses a 
server that employs the system of claim 1 (see for example, p.3, line 3, server's 
operating system). 

Claim 10: 

Cvnerman and Jerger disclose the system of claim 1 , Cvnerman also discloses 
the system of claim 1 , the entity is received at least by one of downloading from a 
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website, as part of an e-mail, and a version control system (see for example, p. 2, 
line 1, CVS- Handles package/modules retrieved from a CVS repository). 



Claim 11-15: 

Claims 11-15 are another system version of claims 1-6 and 8-10 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 



Claim 16: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Jerqer further discloses 
an option for setting custom permission level (see for example. Figure 8, item 
816 and 824, "Refuse untrusted permission without asking" and related text). 

Therefore, it would have been obvious that the build process would exclude and 
not build those entities when the permission level is representative of untrusted. 



Claim 18: 

Cvnerman and Jerqer disclose the system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are written in XML (see for example, p. 3, 
example of simple.xml file includes build policy/rules for build process) 



Claim 19: 
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Cvnerman and Jerger disclose tine system of claim 1 1 , Cvnerman further 
discloses the one or more policy files are adjusted automatically according to one 
or more parameters (see for example, p.3, bottom line - p.4, line 7 the example 
of Ant command line parameter, e.g. "init" and related text). 

Claim 20: 

Claim 20 is computer program product version of the claimed method, wherein all 
claimed limitation functions have been addressed in claims 1-6 and 8-10 above 
respectively. It is well known In the computer art that such method steps can be 
implemented as computer program and can be practiced and /or stored on a 
computer operable media. Thus, they also would have been obvious in view of 
reference teachings above. 

Claim 22: 

Cvnerman and Jerger disclose the system of claim 20, Cvnerman further 
discloses the method of claim 20, further comprising sending a message when 

the build process fails (see for example, p.7, section "Reporting enhancements", 
BuildEvent, "public Throwable getException()" and related text). 

Claim 23: 

Cvnerman and Jerger disclose the system of claim 20, Jerger further discloses, 
providing a level of trust that allows any operation to be performed during the act 
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of performing (see for example, Figure 8, item 816, "Untrusted Signed 
Permissions", item 826, "Apply to all permissions not specifically allowed" and 
related text) 

Claim 24: 

Cvnerman and Jerqer disclose the system of claim 20, Jerqer further discloses 
providing a level of trust that allows only a minimal set of operations to be 
performed during the act of performing (see for example, Figure 8, item 816 and 
824, "Refuse untrusted permission without asking" and related text. Therefore, 
only trusted permission allows.)- 

Claim 25; 

Cvnerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a level of trust that aborts the build process during the act of performing 
(see for example. Figure 4A, "Set the security level for the zone", item 408 "High, 
exclude content that could damage your computer").. 

Claim 26: 

Cvnerman and Jerqer disclose the system of claim 20, Jerqer further discloses, 
the act of associating associates one of the one or more build entities with at 
least two levels of trust (see for example. Figure 9A, 9C and related text; For 
setting different Read Access type and Connect Access type). 
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Claim 27: 

Cvnerman and Jerger disclose the system of claim 20, Jerger further discloses 
providing a default set of associations between the one or more build entities and 
one or more levels of trust in the form of a file (see for example, Figure 8, "Edit 
Custom Permissions", "Save" button can be used to save configuration to file) 

Claim 28: 

Cvnerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the level of trust is defined according to at least one of user-defined policy data 
and default policy data (see for example. Figure 4A, default: High, Medium and 
Low; User defined: Custom). 

Claim 29: 

Cvnerman and Jerger disclose the system of claim 20, Jerger further discloses, 
the user-defined policy data overrides the default data where a conflict occurs 
(see for example, col. 18, lines 51-63, "each security zone has a default security 
level, which is used if not changed by a user"). 

Claim 30: 

Cvnerman and Jerger disclose the system of claim 20, Cvnerman further 
discloses, storing the association of the build entity with the level of trust in the 
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form of a file to which access is restricted (see for example, p. 3, example of 
simple.xml file includes build policy/rules for build process; also see p. 6, first and 
second paragraphs, "include/exclude" and related text). 

Claim 31: 

Cvnerman and Jerqer disclose the system of claim 20, Cvnerman further 
discloses, storing the association of the build entity with the level of trust in the 
form of a file that further relates the use of system resources with the level of 
trust (see for example, p. 6, third paragraph about setting "available" property for 
using class "com.ibm.bsf.BSFManager"). 

Claim 32-35: 

Claims 32-35 are another system version of claims 1-6 and 8-10 addressed 
above, wherein all claimed limitation functions have been addressed and/or set 
forth above. Thus, they also would have been obvious. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Applicant's arguments with respect to claims rejection have been considered but 
are not persuasive. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 



7. 



8. 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zheng Wei whose telephone number is (571) 
270-1059 and Fax number is (571 ) 270-2059. The examiner can normally be 
reached on Monday-Thursday 8:00-15:00. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Tuan Q. Dam can be reached on (571) 272-3695. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Any inquiry of a general nature of relating to the status of this application 
or proceeding should be directed to the TC 2100 Group receptionist whose 
telephone number is 571- 272-1000. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 



IZ. W./ 

Examiner, Art Unit 2192 



/Tuan Q. Dam/ 

Supervisory Patent Examiner, Art Unit 2192 



